
Commit 844a84b

Merge pull request #89791 from openshift-cherrypick-robot/cherry-pick-89403-to-rhacs-docs-4.7
[rhacs-docs-4.7] ROX-27220: Add policy as code to Helm docs
2 parents a6d1558 + b755357 commit 844a84b

2 files changed

+16
-3
lines changed

modules/central-services-public-config.adoc

Lines changed: 13 additions & 0 deletions
@@ -40,6 +40,19 @@ Image declares the configuration to set up the main registry, which the Helm cha
4040
Either use a hostname, such as `registry.redhat.io`, or a remote registry hostname, such as `us.gcr.io/stackrox-mirror`.
4141
|===
4242

43+
[id="central-services-public-configuration-file-config-as-code_{context}"]
44+
== Policy as code
45+
46+
Policy as code provides a way to configure {product-title-short} to work with a continuous delivery tool such as Argo CD to track, manage, and apply policies that you have authored locally or exported from the {product-title-short} portal and modified. You configure Argo CD or your other tool to apply policy as code resources to the same namespace in which {product-title-short} is installed.
47+
48+
|===
49+
| Parameter | Description
50+
51+
| `configAsCode.enabled`
52+
| By default, the value is `true` so that policy as code is enabled. Set to `false` to disable the policy as code feature.
53+
54+
|===
55+
4356
[id="central-services-public-configuration-file-environment-variables_{context}"]
4457
== Environment variables
4558
{product-title} automatically detects your cluster environment and sets values for `env.openshift`, `env.istio`, and `env.platform`.
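
Review bot: the `configAsCode.enabled` row (new line 52) gives the default as `true` but does not say what setting it to `false` actually changes, for example whether policy resources applied to the namespace are then ignored. Suggest stating that in the description. Because the paragraph on new line 46 has a delivery tool applying policy resources into the namespace where {product-title-short} is installed, and the feature is on by default, a sentence recommending that write access to those resources in that namespace be limited to the delivery tool and policy owners would help readers. The anchor on new line 43 also ends in `config-as-code_{context}` while the heading and body say "Policy as code"; using `policy-as-code` in the ID would keep the two aligned.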

modules/policy-as-code-about.adoc

Lines changed: 3 additions & 3 deletions
@@ -12,11 +12,11 @@ You can create and manage policies as code by saving policies as Kubernetes cust
1212
:FeatureName: Policy as code
1313
include::snippets/technology-preview.adoc[]
1414

15-
{product-title-short} provides the ability to use default policies or create custom policies for your system. With the policy as code feature, you can create custom policies by authoring them locally and then using a continuous delivery tool such as Argo CD to track, manage, and apply policies to your clusters that are running {product-title-short}. You can also use the API to configure connections to your own GitOps repository such as GitHub. To author policies locally, you create CRs that represent the desired state of the policies. After you create or update CRs and use the CI/CD tool to apply them, the policies stored in the {product-title-short} database are created or updated.
16-
1715
Policy as code is useful for Kubernetes security architects who want to author policies in YAML or JSON instead of using the {product-title-short} portal. GitOps administrators who already manage Kubernetes configurations by using a GitOps workflow can also find it useful.
1816

19-
{product-title-short} installs a new configuration controller in the namespace where Central is installed, typically the `stackrox` namespace. With an Argo CD workflow, you configure Argo CD to communicate with this controller in the `stackrox` namespace by using the Kubernetes API. After you configure this connection, the controller in {product-title-short} receives information from the Kubernetes API about new, updated, or deleted policies that are managed as individual Kubernetes CR files. {product-title-short} reconciles the policy CR to the policy stored in the {product-title-short} database.
17+
{product-title-short} provides the ability to use default policies or create custom policies for your system. With the policy as code feature, you can create custom policies locally by downloading them and modifying them, or by creating them from empty files. To author policies locally, you create CRs that represent the desired state of the policies. You then use a continuous delivery tool such as Argo CD to track, manage, and apply policies to your clusters that are running {product-title-short}. After you create or update CRs and use the CI/CD tool to apply them, the policies stored in the {product-title-short} database are created or updated.
18+
19+
With this feature, {product-title-short} installs a new Kubernetes controller in the namespace where Central is installed, typically the `stackrox` namespace. With an Argo CD workflow, you configure Argo CD to apply policy as code resources to the same namespace in which {product-title-short} is installed. After you configure this connection, the controller in {product-title-short} receives information from the Kubernetes API about new, updated, or deleted policies that are managed as individual Kubernetes CR files. {product-title-short} reconciles the policy CR to the policy stored in the {product-title-short} database.
2020

2121
// future: architecture diagram
2222
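
Review bot: on new line 19, "After you configure this connection" no longer has an antecedent. The sentence before it used to describe configuring Argo CD to communicate with the controller by using the Kubernetes API, and now describes applying resources to a namespace, so there is no "connection" left to refer to. Suggest rewording along the lines of "After Argo CD applies the resources, the controller in {product-title-short} receives ...". Separately, old line 15 contained "You can also use the API to configure connections to your own GitOps repository such as GitHub", which new line 17 drops without replacement; please confirm that removal is intentional. New line 17 also says policies are created "by downloading them and modifying them", while central-services-public-config.adoc in this same commit says "exported from the {product-title-short} portal and modified"; pick one term for both modules.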
